Vulnerability Description
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
CVSS Score
4.9
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Search-Guard | Search Guard | < 23.1 |
Related Weaknesses (CWE)
References
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1Release Notes
- https://search-guard.com/cve-advisory/Vendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.tExploitThird Party Advisory
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1Release Notes
- https://search-guard.com/cve-advisory/Vendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.tExploitThird Party Advisory
FAQ
What is CVE-2019-13421?
CVE-2019-13421 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
How severe is CVE-2019-13421?
CVE-2019-13421 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13421?
Check the references section above for vendor advisories and patch information. Affected products include: Search-Guard Search Guard.